module
Cayin xPost wayfinder_seqid SQLi to RCE
| Disclosed |
|---|
| Jun 4, 2020 |
Description
This module exploits an unauthenticated blind SQL injection (SQLi) in the
wayfinder_seqid parameter of Cayin xPost's wayfinder_meeting_input.jsp file.
Since this app bundles MySQL and Apache Tomcat, the environment is pretty
static, and therefore the default settings should work. Successful
exploitation results in SYSTEM-level access.
Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads
seem to be valid.
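
A defender-side check for the issue described above, as an added example that is not part of the module or the original page: it scans Tomcat access-log lines for requests to wayfinder_meeting_input.jsp whose wayfinder_seqid is not a plain integer. The log format, the /example/ path and the rule that a legitimate value is a short decimal number are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PAGE = "wayfinder_meeting_input.jsp"   # page named in the description
PARAM = "wayfinder_seqid"                     # injectable parameter named there
# Assumption: a legitimate sequence id is a short decimal integer.
BENIGN_VALUE = re.compile(r"\d{1,10}")
# Assumption: Tomcat AccessLogValve "common" format.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jun/2020:10:00:01 +0000] "GET /example/wayfinder_meeting_input.jsp?wayfinder_seqid=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Jun/2020:10:00:09 +0000] "GET /example/wayfinder_meeting_input.jsp?wayfinder_seqid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 498',
    '192.0.2.10 - - [04/Jun/2020:10:00:15 +0000] "GET /example/index.jsp?wayfinder_seqid=abc HTTP/1.1" 200 1024',
]

def suspicious_requests(lines):
    """Return one finding per request to the target page with a non-numeric seqid."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, when, method, uri, status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.lower().endswith("/" + TARGET_PAGE):
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are compared decoded.
        # Only query-string values are visible here; POST bodies are not logged.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if not BENIGN_VALUE.fullmatch(value):
                findings.append({"client": client, "time": when, "method": method,
                                 "status": int(status), "value": value})
    return findings

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because the endpoint is reachable without authentication, any hit from a client outside the management network is worth triaging alongside the MySQL and Tomcat logs for the same time window.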